Description
SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Easy Laster · pythonwebappsphp
https://www.exploit-db.com/exploits/11824
References (8)
Core 8
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/1003-exploits/woltlabb-sql.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/63126
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38870
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11824
Various Sources x_refsource_misc
http://4004securityproject.wordpress.com/2010/03/22/woltlab-burning-board-teamsite-hack-v3-0-ts_other-php-sql-injection-exploit-2/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57066
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39009
Exploit x_refsource_misc
http://445544.44.ohost.de/worldlabburningboardadon2python-1.txt
Scores
EPSS
0.0233
EPSS Percentile
84.9%
Details
CWE
CWE-89
Status
published
Products (1)
robertotto/teamsite_hack_plugin
< 3.0
Published
Apr 09, 2010
Tracked Since
Feb 18, 2026